Layering TCP/IP Protocols Part 3

Routing protocols: Interior and exterior

Routing is the process of moving packets between networks.

TCP/IP is a banquet of protocols, services, and applications. IP is the network "plate" that holds your food: That is to say, IP is underneath the data. The other protocols represent various pieces of your network dinnerware. Under your network "place settings" is a network tablecloth of sorts, spread with gateways and routers, which use a mixture of gateway and router protocols. A router is a physical device that connects networks to allow data to move between them. A gateway translates information from one format to another. Several routing protocols are defined in the TCP/IP suite.

Some of these routing protocols are:

✓ Border Gateway Protocol (BGP): The core routing protocol for the Internet. BGP keeps track of the network numbers that connect to the Internet. BGP runs over TCP.

✓ Interior Gateway Protocol (IGP): A protocol used by routers to exchange network information.

✓ Open Shortest Path First (OSPF): When networks change — perhaps a segment becomes unavailable because a cable breaks — whole pieces of the Internet would become available without OSPF. OSPF calculates an alternate route that a packet should follow when a path fails. This ability to recalculate a route is called dynamic routing. OSPF runs directly over IP.

TLS: Transport Layer Security

The TLS protocol provides privacy for client/server communication, such as online shopping, Voice over IP (VoIP), and Web browsing. TLS prevents eavesdropping and tampering with the communication between the client and server. TLS is similar to SSL. Though TLS is the Internet standard, SSL is more frequently used, even though it’s vendor proprietary.

RSVP: Resource Reservation Protocol

Packets need to be delivered as quickly as possible and always in the correct order to provide the best experience when you’re using multimedia applications, such as videoconferencing, on the network. Otherwise, you see strange pauses or blank spots. The Resource Reservation Protocol (RSVP) was created to provide for high quality of service (QoS). We realize that the RSVP acronym doesn’t match the protocol’s name. It’s RSVP (from the French phrase Respondez s’il vous plait, or "Respond, if you please") because you reserve network resources in advance in the same way you reserve a seat at a party by replying to the invitation.

Application layer protocols

The application layer protocols, applications, and services provide a user interface to the rest of the TCP/IP stack.

DNS: Domain Name Service

The Domain Name Service is critical to the operation of the Internet (and to any other large network). DNS translates the names that we humans love, such as, into the numbers that machines like. Thanks to DNS, you can type rather than in your Web browser. DNS servers are distributed throughout the Internet.

More than just the service that makes the name-to-number translation work, DNS refers to the entire system of DNS servers and databases. In that case, the name changes slightly to Domain Name System.

DNSSEC: Domain Name System Security Extensions

DNS alone is not particularly secure. DNSSEC is a suite of proposed standards to add extensions to the original DNS Protocol.

FTP: File Transfer Protocol

The File Transfer Protocol (FTP) helps you copy files between two computers. You use FTP to either pull the files from the remote computer or push them to the remote computer. Keep in mind that FTP is also the name of an application and a service, so we tell you about it again (and again) elsewhere in this topic.


The telnet protocol lets you connect to a remote computer and work as though you were sitting in front of that computer, no matter how far away the computer may be. By using telnet, you can lounge around in Tahiti and work on a remote computer in Antarctica as though you were there and surrounded by penguins — without suffering even a shiver. In addition to being a protocol, telnet is a service and an application — three for the price of one. If you’ve only ever used a graphical operating system, such as a flavor of Microsoft Windows, you might not understand the value of telnet. But your friendly neighborhood Linux, Unix, and Mac OS X often telnet to remote computers to run applications that might not exist on their computers.

Making telnet a verb (refer to the previous sentence) is easy and comfortable to do. (Grammarians — and editors — would cringe.) Remember that verbing weirds language.

TFTP: Trivial File Transfer Protocol

The Trivial File Transfer Protocol (TFTP) is a specialized form of FTP. One common use is to copy and install a computer’s operating system from a TFTP server’s files. RFC2349 states that "The basic TFTP protocol has no security mechanism." TFTP servers are available (many of them free) from various sources that claim to add security to the basic TFTP protocol. We haven’t tried any of these extended TFTP servers, so be careful.

SNMP: Simple Network Management Protocol

SNMP functions as the maitre d’ at your network feast, overseeing the entire dining experience. The Simple Network Management Protocol (SNMP) is used to

✓ Monitor and manage networks and the devices connected to them

✓ Analyze network performance

You can get a network monitoring (or management) system from your choice of vendors or use an open source version. These products can show the state of your network by using some attractive graphics.

SMTP: Simple Mail Transfer Protocol

The Simple Mail Transfer Protocol (SMTP) is the protocol for transferring e-mail messages among computers. Messages can move directly from the sender’s computer to the recipient’s computer, or proceed through intermediary computers in a process known as store and forward.

POP3: Post Office Protocol version 3

The Post Office Protocol (POP3, or often just POP) provides basic client/ server features that help you download your e-mail from a mail server to your computer. POP3 is designed to allow home users to move their e-mail from their Internet service provider’s (ISP’s) computers to their own. You need a POP3 mail client to communicate with a POP3 mail server.  POP3 is your network corkscrew because it gets your e-mail wine out of the bottle and into your wine glass.

IMAP4: Internet Message Access Protocol version 4, revision 1

IMAP4 is the fancy decanter that holds the wine better than the bottle does, but still helps you get the e-mail wine into your wine glass. The Internet Message Access Protocol (abbreviated as IMAP4rev1 or IMAP4 or just IMAP) provides more sophisticated client/server capabilities than POP3 does. You need an IMAP4 client to communicate with an IMAP4 mail server, but it gives you more choices for handling your e-mail.

POP3 and IMAP4 don’t interoperate. You can’t use a POP3 client with an IMAP4 server or use an IMAP4 client with a POP3 server, but these days most clients and servers speak both protocols.

LDAP: Lightweight Directory Access Protocol

The Lightweight Directory Access Protocol (LDAP) is a way to look up and possibly change information such as usernames, passwords, e-mail addresses, and lots more in an X.500-compatible directory service. (Whew! That’s a mouthful.) You pronounce it "el-dap," which rhymes with "cap."

Many people refer to the directory service as an LDAP server, but keep in mind the A in the name. LDAP is the method that applications use to access the directory to reach the data it holds. This communications protocol doesn’t mention managing the directory server product or the data. Microsoft and Apple build directory servers into their operating systems (Active Directory for Windows and Open Directory for Mac OS X, respectively), and many stand-alone LDAP server products — both freeware and commercial — are available.

By the way, it’s the access protocol that is lightweight — not the directory service or the data in it.

NTP: Network Time Protocol

The time-of-day clocks that computers maintain are synchronized by the Network Time Protocol (NTP). Time-stamping is important in all sorts of applications, providing everything from document creation dates to network routing date-and-time information to banking transactions and stock transfers.

Using NTP, you can configure a computer to set its clock, and keep it accurate, by retrieving current time data from a time server computer, such as time. or a member of the NTP pool.

HTTP: HyperText Transfer Protocol

The HyperText Transfer Protocol (HTTP) is the key protocol for transferring data across the World Wide Web. HTTP transfers HyperText Markup Language (HTML) and other components from the Web servers (on the Internet, your intranet, or extranet) to your browser client.With all the different Web languages, HTTP works like a large pitcher filled with Sangria — many different, delicious ingredients that combine to make something wonderful.

HTTPS: HTTP over Secure Sockets Layer

HTTPS is a secure version of HTTP that encrypts sensitive data, such as your credit card information, whenever you buy something over the Internet.

Technically, HTTPS isn’t a separate protocol. It’s HTTP with security turned on. Although most of the protocols we are talking about can be used with security turned on, few get special names for their secure versions.

Another secure form of HTTP is the Secure HyperText Transfer Protocol (S-HTTP), but it’s older and rarely used. HTTPS is much more popular.

BOOTP: Boot Protocol

Not every computer has an operating system preinstalled — sometimes you have to install it yourself. If the computer has no disks for storage (sometimes it happens for good reasons), you can download the operating system into memory from another computer on the network. The diskless computer uses the Boot Protocol (BOOTP) to load its operating system, and other applications, over the network.

BOOTP has no security. Dynamic Host Configuration Protocol (DHCP) has features that have mostly replaced BOOTP.

PPTP: Point-to-Point Tunneling Protocol

The Point-to-Point Tunneling Protocol (PPTP) helps you create a VPN on the public Internet. Using PPTP, you can have a secure link to your organization’s network — as though you were inside the building and on the LAN — even though you’re connected to the Internet by way of an ISP. (It’s like having a secret tunnel into the office.) When you use PPTP, your communication traffic can even be encrypted to ensure that no miscreants can see your data. You get all the benefits of a global private network with none of the hassles of launching your own satellites, laying your own undersea cables.Think of PPTP as your network napkin because it augments the tablecloth provided by the router protocols mentioned earlier in this section.

L2tP has mostly replaced PPTP for VPN security in most networks because PPTP doesn’t provide encryption for security. It relies on the protocol being tunneled to provide privacy.

DHCP: Dynamic Host Configuration Protocol

If IP is your fine dinner plate at the network banquet, DHCP is your recyclable paper plate. DHCP is a client/server solution for sharing numeric IP addresses. A DHCP server maintains a pool of shared addresses — and those addresses are recyclable. When a DHCP client wants to use a TCP/IP application, that client must first request an IP address from the DHCP server. The server checks the shared supply and if all the addresses are in use, the server notifies the client that it must wait until another client finishes its work and releases a TCP/IP address. If an address is available, the DHCP server sends a response to the client that contains the address.

This shared-supply approach makes sense in environments in which computers don’t use TCP/IP applications all the time or in which not enough addresses are available for all the computers that want them.

SSL: Secure Sockets Layer

SSL (the Secure Sockets Layer) version 2 is an older protocol developed by Netscape Corporation that allows applications to encrypt data that goes from a client, such as a Web browser, to the matching server. (Encrypting your data means converting it to a secret code. When you buy that Lamborghini over the Web, no one other than the dealer can read your credit card number. SSL version 3 allows the server to authenticate that the client is who it says it is. While SSL is the more frequently used protocol, the TLS protocol is the standard that has replaced SSL in some newer applications.

IPP: Internet Printing Protocol

As the time of this topic’s publication, no standard for printing exists. You may now need to use different printing methods depending on how your printer is attached and the maker of your printer. The goal of the application layer IPP is to standardize most Internet printing tasks. In other words, regardless of who makes your printer and how it’s attached, you need to know only one way to

✓ Print

✓ Cancel a print job

✓ Discover the printer’s status

✓ Find out what a printer can do (print in color or draft quality, for example)

Before IPP, a proposed standard, can become a standard, it needs to include strict authentication and security.

Kerberos Network Authentication Service

Kerberos is the three-headed dog that guards the entrance to hell. Or, is it a TCP/IP service? If your network security is hellish, Kerberos is both. The TCP/ IP service Kerberos is designed to allow users, computers, and services to identify themselves to each other without lying. Without this identity-checking process, called authentication, a computer or service could potentially say that it is anything or anyone, and TPC/IP would accept the identification without checking. In this age of computer hacking and intrusions, trusting that network services and computers are who they say they are can be dangerous.

Kerberos is a trusted impartial authentication service — or maybe it’s just paranoid. It assumes that unauthorized programs try to read and modify packets that are traveling along a network. This paranoia is what makes Kerberos impartial: It doesn’t depend on other programs, the host’s operating system, the physical security of the network, or IP addresses to do its work. Instead, it works alone with its own, validated tickets.Kerberos is the default authentication mechanism in the Microsoft Windows 2000 operating system.

Kerberos is the bouncer at an exclusive party — it guards the door and kicks out anyone who isn’t invited.

1MPP: Instant Messaging and Presence Protocol

Although instant messaging (IM) is a handy application for people to send quick messages back and forth across the Internet, IM vendors have traditionally used different, proprietary protocols that don’t work together. The goal of IMPP is for different IM applications to be able to talk to each other easily across the Internet.

SlP: Session Initiation Protocol

SIP is a protocol for connecting multimedia sessions — such as voice, chat, games, and video.

And many, many more

You can find many more existing pieces of TCP/IP, and new ones are being developed right now. The ones we describe in this topic are some of the most important and most commonly used.

Next post:

Previous post: